A customer datacenter typically includes various network security devices. The network security devices control access to network resources based on security policies that are applied by the network security devices. The security policies include security rules which include sets of components. The components define protocols, services, source and destination IP addresses and IP address ranges, network ports, action types (e.g., permit and deny), and the like. The components of the security rules may be referred to generally as objects. A challenge has been presenting to a user a large number of security policy objects that have complex relations with each other across multiple security policies and network security devices in a limited display space in a way that the user is able to readily identify anomalies and abnormalities in the objects, identify objects that are not anomalous, form links between objects, edit the objects, and have such changes be applied across the objects. A further challenge has been how to deal with the nesting of objects within objects. That is, a given top-level object may contain multiple objects at multiple levels-down from the top-level object. This nested structure is difficult to depict visually in a convenient manner.